Yuriy Bulygin knows all about computer vulnerabilities. He spent most of his career at Intel Corp. studying security flaws in chips, including several years as the company’s chief threat researcher, until last summer. So you can believe him when he says he’s found something new: His latest research, set to be published on May 17, shows hackers can exploit previously disclosed problems in microprocessors to access a computer’s firmware—microcode that’s stored permanently inside processors and other chips—to get to its most sensitive information. “The firmware has access to basically all the secrets that are on that physical machine,” he says.
The hacking technique Bulygin found exploits the Spectre vulnerabilities, initially unearthed by Google and other researchers and disclosed earlier this year. The tech giant discovered that millions of computers and smartphones could be compromised by Spectre, which takes advantage of glitches in how processors try to predict what data they believe users will need next, and fetch it in advance. Bulygin’s technique goes a step further by enabling hackers to read data from a particular type of firmware called system management mode memory. The code is linked to access rights that control key functions of the machine, including shutting down the central processing unit if the computer gets too hot or letting administrators configure the system. With access to the SMM memory, hackers can get essentially any data they want.
Cloud computing services may be at the greatest risk, Bulygin says, because the glitch could be used to breach protections for keeping companies’ data separate on physical servers.
More here
No comments:
Post a Comment